Bug 764231 – Bad call to gst_buffer_add_video_gl_texture_upload_meta() in gstvaapivideometa_texture.c

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 764231 - Bad call to gst_buffer_add_video_gl_texture_upload_meta() in gstvaapivideometa_texture.c


Summary:	Bad call to gst_buffer_add_video_gl_texture_upload_meta() in gstvaapivideomet...


Status:	RESOLVED FIXED

Product:	GStreamer
Classification:	Platform
Component:	gstreamer-vaapi
Version:	1.8.0
Hardware:	Other All

Importance:	Normal normal
Target Milestone:	1.8.1
Assigned To:	GStreamer Maintainers
QA Contact:	GStreamer Maintainers

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2016-03-26 11:01 UTC by Christophe Lafolet
Modified:	2016-03-30 20:59 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
gltextureupload: use an array for texture type (2.50 KB, patch) 2016-03-28 11:39 UTC, Víctor Manuel Jáquez Leal	none	Details \| Review
gltextureupload: use an array for texture type (2.48 KB, patch) 2016-03-28 12:15 UTC, Víctor Manuel Jáquez Leal	committed	Details \| Review

Description Christophe Lafolet 2016-03-26 11:01:43 UTC

the code of the method gst_buffer_add_texture_upload_meta is not compatible with the gst_buffer_add_video_gl_texture_upload_meta api : the call need a GstVideoGLTextureType[4] (because a memcpy is made on the 4 elements) and only a GstVideoGLTextureType[1] is given

=> buffer overflow

Comment 1 Víctor Manuel Jáquez Leal 2016-03-28 11:39:17 UTC

Created attachment 324867 [details] [review]
gltextureupload: use an array for texture type

Instead of using a single value for the texture type, use an array with 4
elements, just as the GstVideoGLTextureUploadMeta, avoiding a buffer
overflow.

Comment 2 Sebastian Dröge (slomo) 2016-03-28 11:42:31 UTC

Review of attachment 324867 [details] [review]:

::: gst/vaapi/gstvaapivideometa_texture.c
@@ +74,3 @@
     GstVideoFormat format)
 {
+  memset (meta->texture_type, 0, sizeof (meta->texture_type[0]) * 4);

memset (meta->texture_type, 0, sizeof (meta->texture_type));

No need to hardcode the 4 in all the places

Comment 3 Víctor Manuel Jáquez Leal 2016-03-28 12:15:31 UTC

Created attachment 324870 [details] [review]
gltextureupload: use an array for texture type

Instead of using a single value for the texture type, use an array with 4
elements, just as the GstVideoGLTextureUploadMeta, avoiding a buffer
overflow.

Comment 4 Víctor Manuel Jáquez Leal 2016-03-28 12:16:31 UTC

(In reply to Sebastian Dröge (slomo) from comment #2)
> Review of attachment 324867 [details] [review] [review]:
> 
> ::: gst/vaapi/gstvaapivideometa_texture.c
> @@ +74,3 @@
>      GstVideoFormat format)
>  {
> +  memset (meta->texture_type, 0, sizeof (meta->texture_type[0]) * 4);
> 
> memset (meta->texture_type, 0, sizeof (meta->texture_type));
> 
> No need to hardcode the 4 in all the places

:) Thanks!

Comment 5 Sebastian Dröge (slomo) 2016-03-28 12:29:33 UTC

Should also go into the 1.8 branch btw. Please backport everything that seems safe enough and is a bugfix to 1.8 :)

Comment 6 Víctor Manuel Jáquez Leal 2016-03-28 13:44:19 UTC

Attachment 324870 [details] pushed as ddddb04 - gltextureupload: use an array for texture type